Prefer GSI authN for CEs advertising to Central Collectors


Originally we were hoping to prefer SSL and use GSI as a fallback but this doesn't work well since we're using the default SSL cert/key/CA locations in /etc/pki while most CEs today keep their credentials in /etc/grid-security. HTCondor-CEs should support both SSL and GSI authN but prefer GSI to support the world as it is, not how we want it it to be.


Mat Selmeci
February 4, 2021, 10:07 PM

Code Review

Since this is for the CE collector, which we deploy, it shouldn't cause any issues and is a good workaround for HTCONDOR-236.

Review passed.

Brian Lin
February 4, 2021, 8:44 PM

I think the HTCondor dev process requires that you dump something like the following in the ticket:

Code Review

<insert review here>

Time remaining



Brian Lin